<div dir="ltr"><div dir="ltr"><div>Sorry, I replied to just Mark rather than the list.</div><div>
<div><br></div><div>Yes, here is the command I am using:</div><div><br></div><div># ncat -l -U /var/opt/isc/scls/isc-bind/log/named/dnstap.sock</div><div class="gmail-yj6qo gmail-ajU"><div id="gmail-:1dl" class="gmail-ajR" tabindex="0"><img class="gmail-ajT" src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"></div></div>
</div><div>I "chown named.named ./dnstap.sock" :</div><div><br></div><div> 0 srwxr-xr-x. 1 named named unconfined_u:object_r:named_log_t:s0 0 Mar 2 09:23 dnstap.sock<br></div><div><br></div><div>But regardless I don't get anything from the pipe when using the normal "systemctl start isc-bind-named.service" followed by some "dig" commands to test (but see below). I was previously using fstrm_capture like this:</div><div><br></div><div># /opt/isc/isc-bind/root/usr/bin/fstrm_capture -t protobuf:dnstap.Dnstap -u /var/opt/isc/scls/isc-bind/log/named/dnstap.sock -w /var/tmp/example.dnstap</div></div><div><br></div><div>But I was only seeing 46 bytes in the "example.dnstap" and nothing decoded when I run "dnstap-read ./example.dnstap". After "systemctl stop isc-bind-named.service" and stopping the "fstrm_capture" process the file increased to 54 bytes, but "dnstap-read" still doesn't decode anything.<br></div><div><br></div><div>I am reasonably confident that I am doing something boneheaded somewhere, likely a typo in my config or bad permission somewhere, but I admit I can't see it and without any error messages or debug information I am struggling. The config is pretty simple, just the option stanza below and logging settings (mostly copy-pasted from the ISC website just in case).<br></div><div><br></div><div>In an effort to figure out the problem I went so far as to:</div><div><br></div><div># strace -a 120 /opt/isc/isc-bind/root/usr/sbin/named -f -u named 2>&1 | tee temp.file</div><div><br></div><div>And I do suddenly get "protobuf:dnstap.Dnstap" on the pipe, but nothing further. So my root problem seems to be with how systemd is managing the process (maybe a user ID problem with the pipe). But my grepping the strace didn't catch anything opening the "dnstap.sock" pipe.<br></div><div><br></div><div>I admit I don't know what I am doing wrong or how to get better information, short of maybe stepping through with GDB to try to see where it is failing.<br></div><div><br></div><div>Running named with this in the options:</div><div><br></div><div> dnstap-output file "/var/opt/isc/scls/isc-bind/log/named/dnstap.log";<br></div><div><br></div><div>Does work just fine with lots of wonderful data, so it isn't a problem with dnstap per se, it is something with how I am setting up the pipe or environment named is running in.<br></div><div><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 1, 2021 at 6:53 PM Mark Andrews <<a href="mailto:marka@isc.org">marka@isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Do you have something reading the pipe?<br>
<br>
<br>
> On 2 Mar 2021, at 10:30, Adam Augustine <<a href="mailto:augustineas@gmail.com" target="_blank">augustineas@gmail.com</a>> wrote:<br>
> <br>
> I can't seem to get any debug information out of BIND for troubleshooting a dnstap problem I am having.<br>
> <br>
> I have a CentOS 8.3.2011 VM with the COPR packages installed. <br>
> <br>
> My /etc/opt/isc/scls/isc-bind/named.conf :<br>
> options {<br>
> directory "/var/opt/isc/scls/isc-bind/named/data";<br>
> listen-on { any; };<br>
> listen-on-v6 { any; };<br>
> dnssec-validation auto;<br>
> dnstap {all;};<br>
> // dnstap-output unix "/var/opt/isc/scls/isc-bind/run/named/dnstap.sock";<br>
> dnstap-output unix "/var/opt/isc/scls/isc-bind/log/named/dnstap.sock";<br>
> dnstap-identity "<a href="http://dnstap01.ldschurch.org" rel="noreferrer" target="_blank">dnstap01.ldschurch.org</a>";<br>
> dnstap-version "bind-9.16.12";<br>
> };<br>
> <br>
> logging { <br>
> [SNIP]<br>
> channel dnstap_log {<br>
> file "/var/opt/isc/scls/isc-bind/log/named/dnstap" versions 3 size 20m;<br>
> print-time yes;<br>
> print-category yes;<br>
> print-severity yes;<br>
> severity debug 10;<br>
> };<br>
> [SNIP]<br>
> category dnstap { dnstap_log; default_debug; };<br>
> };<br>
> <br>
> On startup, the /var/opt/isc/scls/isc-bind/log/named/dnstap file is created, but no information is logged:<br>
> <br>
> 4 -rw-r--r--. 1 named named system_u:object_r:named_log_t:s0 54 Mar 1 16:23 dnstap<br>
> <br>
> This is despite /var/log/messages having the following line:<br>
> <br>
> opening dnstap destination '/var/opt/isc/scls/isc-bind/log/named/dnstap.sock'<br>
> <br>
> Which I would have expected to see logged in /var/opt/isc/scls/isc-bind/log/named/dnstap . On shutdown, this single entry is logged in /var/opt/isc/scls/isc-bind/log/named/dnstap:<br>
> <br>
> 01-Mar-2021 16:23:31.597 dnstap: info: closing dnstap<br>
> <br>
> There is nothing relevant in /var/log/audit/audit.log, so I don't think it is SELinux related, especially since there is successful log entry on shutdown.<br>
> <br>
> I have tried changing the severity level from "info", to "debug 1", to "debug 3", and then to "debug 10", but I can't seem to get any more information out other than the single message about "closing dnstap".<br>
> <br>
> Any idea what I am doing wrong?<br>
> <br>
> _______________________________________________<br>
> Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
> <br>
> ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
> <br>
> <br>
> bind-users mailing list<br>
> <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
> <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
<br>
-- <br>
Mark Andrews, ISC<br>
1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
PHONE: +61 2 9871 4742 INTERNET: <a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a><br>
<br>
</blockquote></div></div>